// For flags

CVE-2022-46181

Gotify server XSS vulnerability in the application image file upload

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory.

El servidor Gotify es un servidor simple para enviar y recibir mensajes en tiempo real por WebSocket. Las versiones anteriores a la 2.2.2 contienen una vulnerabilidad XSS que permite a los usuarios autenticados cargar archivos .html. Un atacante podría ejecutar scripts del lado del cliente **si** otro usuario abriera un enlace. El atacante podría potencialmente hacerse cargo de la cuenta del usuario que hizo clic en el enlace. La interfaz de usuario de Gotify no expondrá de forma nativa un enlace malicioso, por lo que un atacante debe lograr que el usuario abra el enlace malicioso en un contexto fuera de Gotify. La vulnerabilidad se ha solucionado en la versión 2.2.2. Como workaround, puede bloquear el acceso a archivos que no sean de imágenes a través de un proxy inverso en el directorio `./image`.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-11-28 CVE Reserved
  • 2022-12-29 CVE Published
  • 2024-07-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gotify
Search vendor "Gotify"
Server
Search vendor "Gotify" for product "Server"
< 2.2.2
Search vendor "Gotify" for product "Server" and version " < 2.2.2"
-
Affected